aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml74
1 files changed, 74 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+ <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+ <!-- eID4U extensions -->
+ <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/>
+ <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
+
+ <pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
+
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+
+ <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" />
+
+ <!-- eID4U tasks for attribute collection -->
+ <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" />
+
+ <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+ <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+
+ <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" />
+
+
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 22:59:13 +0000